I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

Gary Olsen

One of the first tools written for troubleshooting Windows 2000 Server was Replication Monitor (ReplMon), which soon became the lifeblood for debugging Active Directory replication problems.

Microsoft included ReplMon in the first set of Windows Support Tools and it survives in the latest version for Windows Server 2003. But with so many tools developed over the past seven years, it's easy to forget how powerful ReplMon still is. This article will take a close look at how ReplMon can help diagnose a host of AD replication issues.

Getting started with ReplMon

Replication Monitor is a Windows Support Tools component that can be initiated by simply entering ReplMon from Start-Run or the command window. Initially it's empty, so you have to add monitored servers. From the Edit menu on the tool bar, select "Add monitored server," then add the domain controllers you want to view. Figure 1 shows several DCs added and expanded.

Figure 1

Under each server you'll see a list of naming contexts (configuration, schema, domain, forestdnszones, etc.) hosted on that DC, along with the name of the replication partner. Clicking on any of these partitions will display the replication details in the right pane. This is the information you'd get from the repadmin/showrepl command, except that you get a lot more information from other servers quickly.

To get the most out of ReplMon, you should enable additional logging. Go to View – Options to get the dialog shown in Figure 2. These options are pretty self explanatory, but I recommend enabling at least "Show Transitive Replication Partners and Extended Data." Then click the Status Logging tab (Figure 3) and check "Group Policy Objects" and "Display Changed Attributes when Replication Occurs." This will provide additional information in the left pane for monitored servers about GPO replication success or failure, and identifies the object that was replicated and the update sequence number (USN).

Figure 2

Figure 3

In terms of troubleshooting with ReplMon, here are my favorite selections:

Go to Action-Domain-Search domain controllers for replication errors. On the ensuing screen, select the Run Search button to find all replication errors on all DCs in the domain (Figure 4). You can then save this to a text file. And it's a great way to collect all replication errors in the domain in one spot rather than having to examine many event logs.

Figure 4

Under a DC in the left pane, select one of the partitions and the associated replication partner. You can force replication between the two by selecting Action – Replication Partner – Synchronize with this replication partner. It is much faster than going to the Sites and Services snap-in.

Go under Action – Replication Partner – Check current USN and unreplicated objects. This will show the replication queue for a given partition/replication partner and show objects that have not yet replicated.

There are also some powerful server options. Right click a DC icon and a list of actions will be shown (Figure 5). Most are obvious and the results can be saved as text files.

Figure 5

Synchronize each directory partition (for this DC) with all servers. This includes the option to "push" replication to other DCs. No other tool does this.

Show Group Policy Object Status -- This shows all GPOs in the domain, the GUID, the AD and Sysvol versions. It's similar to a mini GPOTool output.

Show Attribute Meta-Data for Active Directory Object -- This displays attributes for a given object (originating server, version, last write time and so on). It is very similar to the repadmin/showobjmeta command, but with a very cool feature. Click on one attribute and hit the compare button. It shows you that attribute on all DCs in the domain (or forest) -- much easier than doing that with the repadmin command. And, of course you can save it to a text file.

You can see DCs in the domain and global catalog servers in the enterprise.

At the end of the list shown in Figure 5, there is a Properties option where there are some more cool features:

FSMO Roles -- As shown in Figure 6, this tab lists all FSMO role holders, but notice the query button. NTDSUtil and various MMCs (and even Netdom) will list FSMOs, but ReplMon will query them to see if they are responsive.

Finally, to eliminate the need to manually connect to the domain controllers each time you use ReplMon, go to File-Save Monitored List As. You can save the list of DCs in the tool to a text file (*.ini). You can also edit the file to add additional DCs. Then you can select File-Open Script and select the .ini file you saved to load the DCs.

While all of these features are great, I've left the best for last -- the Status Report. Right click on the DC icon and select Generate Status Report. Keep the default options and provide a file name. This status report is a dump of all data related to replication. It evaluates DNS, replication objects, connections and so forth. You can then take the status report and construct the replication topology -- site names, DC names, site link information, as well as replication related errors and significant events. It serves as a very nice one-stop shopping list for troubleshooting Active Directory replication failure.

Yes, there are a lot of sophisticated tools out there, but don't forget ReplMon. It is still a very powerful tool for monitoring and troubleshooting all aspects of Active Directory replication.

Do you have an Active Directory issue or problem that you'd like Gary to write an article about? Email him at glo11749@yahoo.com. Note: Gary cannot answer each query personally or guarantee that all will be answered. However those queries that have widespread interest or involve common AD issues will be addressed.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy